CVE-2026-10154 | Dolibarr ERP CRM 23.0.0/23.0.1/23.0.2 messaging.php ID authorization

A vulnerability was found in Dolibarr ERP CRM 23.0.0/23.0.1/23.0.2 and classified as critical. The affected element is an unknown function of the file htdocs/user/messaging.php. Such manipulation of the argument ID leads to authorization bypass.

This vulnerability is documented as CVE-2026-10154. The attack can be executed remotely. There is not any exploit available.

It is suggested to upgrade the affected component.VulDB Recent EntriesRead More